Application of VPN in Information System Security Level Protection

1. Introduction

With the spread of Internet technology in both government and enterprise, VPN technology gives organizations a low-cost way to build and securely interconnect the networks of an enterprise, its departments and its ever-growing branch structure. At the same time, China's current "computer security level protection" scheme gives enterprises an overall design approach and a set of standards to follow when building information systems. How to make full use of VPN technology and related products to provide enterprises with a cost-effective overall network security solution that meets the security level protection requirements is a challenge in enterprise information system design.

2. Development track of information security management system

Information security management attracted the attention of the major developed countries in the early 1990s, which invested considerable money and manpower in analysis and research. In 1995 and 1998 the United Kingdom published the two parts of the BS7799 standard: Part 1, "Information Security Management Implementation Rules", and Part 2, "Information Security Management System Specification", which set out the requirements, controls and implementation rules for an information security management system. Their purpose is to serve as the single reference for determining the scope of controls in most industrial and commercial information systems, as the basis for a comprehensive assessment of an information security management system, and as the basis for a formal certification scheme. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) converted BS7799 into ISO/IEC 17799 "Information Security Management System Implementation Rules" and ISO/IEC 27001 "Information Security Management System Requirements" in 2000 and 2005 respectively, and promoted them worldwide. In 1999 the Standardization Administration of China (SAC) issued GB/T 17859 "Computer Information System Security Protection Classification Guidelines", which divides information security management into five levels according to the degree of harm a system's compromise would cause to different organizations, to society and to the nation, and proposes a method of supervision for each level. In 2008, GB/T 22081-2008 "Information Security Management System Practical Rules" and GB/T 22080-2008 "Information Security Management System Requirements", corresponding to ISO/IEC 17799 and ISO/IEC 27001, were formulated and issued.

3. Information system security level

In order to accelerate information security level protection, standardize its implementation and management, improve information security assurance capability, safeguard national security, social stability and the public interest, and guarantee and promote the construction of information technology, the Ministry of Public Security, the State Secrecy Bureau, the State Cryptography Administration and the Information Office of the State Council jointly issued the "Measures for the Protection of Information Security Levels" in 2007. These measures standardized the administrative regulations on information security protection for institutions and enterprises across the country and organized the nationwide work of rating important information systems for security level protection. At the same time, the corresponding technical specifications, such as the "Basic Requirements for Information System Security Level Protection", the "Implementation Guide for Information System Security Level Protection", the "Information System Security Level Protection Evaluation Guidelines" and the "Information System Security Level Protection Rating Guide" (national standard approval drafts), were formulated to guide domestic institutions and enterprises in protecting information security.

The "Basic Requirements for Information System Security Level Protection" address network security, host security, application security, data security and backup recovery, system operation and maintenance management, and the security management organization, and set specific requirements for identification and authentication, access control, media management, password management, communication and data integrity, confidentiality, and data backup and recovery; information systems are divided into different levels so that each receives effective protection appropriate to it. The security protection level of an information system is one of five: the first level is the independent protection level, the second level is the protection level, the third level is the supervision protection level, the fourth level is the mandatory protection level, and the fifth level is the special protection level.

The level-three security protection design commonly used by government and enterprises is based on level-three cryptographic technology, system security technology and communication network security technology, supported by level-three information security mechanisms and services, and covers the design of a level-three secure computing environment, a level-three secure communication network, level-three security zone boundary protection and a level-three security management center.

4. VPN technology and its development trend

A VPN (virtual private network) establishes a temporary connection over a public network, usually the Internet. The secure connection is a stable, protected tunnel through an otherwise uncontrolled public network. Typically a VPN is an extension of the intranet that helps remote users, company branches, business partners and suppliers establish trusted, secure connections to the company's intranet and ensures that data is transmitted securely. VPNs serve three purposes: secure remote access over the global Internet for the growing population of mobile users; virtual private lines for secure communication between corporate sites; and secure extranet virtual private connections to business partners and customers.

A VPN relies on three kinds of technology to secure communication: tunneling protocols, authentication, and data encryption.

The encryption method of the VPN channel has become the main technical requirement. Current VPN technology falls mainly into IPSec VPN, non-IPSec VPN (such as PPTP and L2TP) and web-based SSL VPN.

IPSec VPN products are based on the IPSec protocol suite, which secures the tunnel with the AH, ESP and ISAKMP protocols. Through data encryption and authenticated integrity checking it guarantees the reliability, privacy and confidentiality of transmitted data, and by encrypting and encapsulating traffic it protects data transparently at the network layer for everything carried above it. IPSec is best suited to building virtual private networks between one LAN and another.

SSL VPN products are based on the SSL protocol. Deploying an SSL VPN appliance at the enterprise center removes the need to install client software: authorized users can connect securely to corporate network resources from any standard web browser over the Internet.

The SSL VPN product is best suited for virtual network construction between remote stand-alone users and the center.

The entire VPN communication process can be simplified into the following four steps:

(1) The client sends a connection request to the VPN server.

(2) The VPN server responds to the request and sends an identity authentication request to the client; the client and the VPN server then confirm each other's identity by exchanging information, so identity confirmation is two-way.

(3) The VPN server and the client begin to negotiate the security tunnel and the corresponding security parameters to form a secure tunnel.

(4) Finally, the VPN server uses the client and server public keys generated during the authentication process to encrypt the data, encapsulates it using the VPN tunneling technology, and transfers it to the destination internal network.
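The encapsulation in step (4) and the ESP protocol named in the IPSec paragraph above can be made concrete with the ESP packet layout of RFC 4303. The following is an added example, not code from the original article: it builds ESP packets with NULL encryption (RFC 2410) and an HMAC-SHA-256-128 integrity check value, then shows the receiver verifying the ICV and enforcing the anti-replay window before accepting a packet. The SPI, key and payloads are constructed for the demonstration; a real SA would also encrypt the payload with a cipher negotiated in step (3).

```python
import hmac, hashlib, struct

ICV_LEN = 16  # HMAC-SHA-256-128 (RFC 4868): the tag is truncated to 128 bits

def esp_encapsulate(spi, seq, payload, next_header, auth_key):
    """Build one ESP packet (RFC 4303 layout) with NULL encryption (RFC 2410)
    and an HMAC-SHA-256-128 ICV over SPI + sequence number + payload + trailer."""
    pad_len = (-(len(payload) + 2)) % 4           # NULL-ESP aligns to 4 bytes
    padding = bytes(range(1, pad_len + 1))        # default 1,2,3,... pad pattern
    body = payload + padding + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(auth_key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    return header + body + icv

class EspInbound:
    """Receiving side of one inbound SA: verify the ICV, then enforce the
    64-packet anti-replay window of RFC 4303 section 3.4.3."""
    WINDOW = 64

    def __init__(self, spi, auth_key):
        self.spi, self.key = spi, auth_key
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) was seen

    def decapsulate(self, pkt):
        spi, seq = struct.unpack("!II", pkt[:8])
        if spi != self.spi or seq == 0:           # seq 0 is never sent on an SA
            raise ValueError("unknown SPI or invalid sequence number")
        expected = hmac.new(self.key, pkt[:-ICV_LEN], hashlib.sha256).digest()
        if not hmac.compare_digest(pkt[-ICV_LEN:], expected[:ICV_LEN]):
            raise ValueError("ICV mismatch: packet forged or corrupted")
        # Only an authenticated packet is allowed to move the replay window.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.WINDOW) - 1)
            self.highest = seq
        else:
            offset = self.highest - seq
            if offset >= self.WINDOW or (self.bitmap >> offset) & 1:
                raise ValueError("replayed or too-old sequence number")
            self.bitmap |= 1 << offset
        body = pkt[8:-ICV_LEN]
        pad_len, next_header = body[-2], body[-1]
        return next_header, body[:-(pad_len + 2)]

if __name__ == "__main__":
    key = b"\x11" * 32                                   # constructed demo key
    sa = EspInbound(0x1000, key)                          # constructed SPI
    pkt = esp_encapsulate(0x1000, 1, b"GET /", 6, key)   # next header 6 = TCP
    print(sa.decapsulate(pkt))                            # (6, b'GET /')
```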

At present, most VPN products published abroad use software encryption, and their encryption and decryption algorithms are the general-purpose 3DES and RSA algorithms, which do not meet China's requirements for the management and use of national cryptographic products. Article 14 of Chapter 4 of the Regulations on the Administration of Commercial Cryptography (Order No. 273 of the State Council of the People's Republic of China, promulgated on October 7, 1999) stipulates that any unit or individual may only use commercial cryptographic products approved by the national cryptography administration, and may not use self-developed or foreign-produced cryptographic products. In 2009 the State Cryptography Administration issued the IPSec VPN Technical Specification and the SSL VPN Technical Specification for VPN products, which set explicit requirements for the technical architecture and algorithms of such products.

5. Application of VPN technology in level protection

Across the four design areas of level-three protection, VPN technology has a wide range of applications:

In the design requirements of the secure computing environment: first, for identity authentication, the system administrator at the access center creates unified user groups and user names, and users log in to the access center's application system through the VPN device, gaining access to the application only once their identity has been authenticated; second, the data integrity and confidentiality protection prevents user data from being maliciously altered or stolen in transit.

In the design requirements of the security zone boundary: the boundary control of the network boundary subsystem integrates the VPN function, improving network packet processing efficiency while ensuring transmission security.

In the design requirements of the secure communication network: the network secure communication subsystem mainly establishes a secure channel between communicating parties across the zone boundary, building a secure VPN tunnel over the IPSec protocol to carry data. It completes the security protection of the application system's outer boundary and of departmental server boundaries, providing encryption for the secure transmission of information between the internal and external networks together with security mechanisms such as identity authentication and access control. A network VPN gateway is placed in front of the main route between clients and the application server, and a VPN tunnel established over IPSec or SSL provides encrypted transmission for incoming and outgoing traffic, so that application data is communicated in encrypted form.

In the design requirements of the security management center: in system management, VPN technology protects host resources and user management well, and monitors user logins, peripheral interfaces, network communication, file operations and process services, ensuring that important information is secure and controllable so as to meet the security regulatory requirements for the host.

6. Conclusion

VPN technology not only greatly reduces the construction, operation and maintenance costs of the enterprise network, but also enhances the reliability and security of the network and meets the protection requirements of the information system security level. VPN technology and products will play a role in advancing information system security level protection that should not be underestimated.
